Expand description
V2 Upgrade Token is created during V1→V2 key rotation and holds both user keys wrapped by each other. This allows V1 devices to retrieve the V2 key (to complete the upgrade), and V2 devices to retrieve the V1 key (e.g. to rotate local device unlock methods still encrypted with V1).
On unwrapping, both directions are validated - an attacker can’t modify one wrapped key without breaking the other direction’s validation.
Structs§
- V2Upgrade
Token - Holds both V1 and V2 user keys, each wrapped by the other.
Enums§
- V2Upgrade
Token Error - Errors that can occur when working with V2UpgradeToken